Qlogic 2500 Series Data-at-Rest Encryption Addresses SAN Instrukcja Użytkownika Pobierz pdf

WHITE PAPER

Key Findings

SAN security via encryption is necessary for protecting data when it leaves a physically secure SAN (for example, tape backups and

hard disks leaving for repair or retirement). This paper reveals that:

• Encryption of data at the media (data-at-rest encryption with self-encrypting drives), in conjunction with physical SAN

security, addresses all major storage administrators’ security concerns. This type of encryption allows for minimal disruption

of existing SAN infrastructure deployments and maintains interoperability.

• Alternative approaches to secure data, such as adapter-based encryption, are solutions looking for a problem. These

approaches promote vendor lock-in, as the data encrypted by the hardware/adapters can only be read by the same vendor’s

adapter or proprietary solutions that created them. Such approaches also pose new security risks if interoperability with existing

deployments is mandated by IT managers.

• Host-based encryption poses new challenges to data compression or de-duplication applications.

• Fabric based encryption (switch-to-switch) addresses security needs when data is being exchanged between SANs

across the WAN. Pervasive adoption of such features requires standards-based key management, which does not exist today.

Every vendor’s key manager handle keys differently, making interoperability a challenge.

• QLogic’s Fibre Channel Adapters provide a secure solution that works well with Self-Encrypting Drives (SEDs) and provide

interoperability with other hardware components in the SAN without the need for adapter-based encryption.

Data-at-Rest Encryption Addresses

SAN Security Requirements

QLogic 2500 Series Fibre Channel Adapters Meet

Enterprise Security Needs

1 2 3 4 5 6

WHITE PAPERKey FindingsSAN security via encryption is necessary for protecting data when it leaves a physically secure SAN (for example, tape backups

HSG-WP08015 FC0032001-00 Rev. B 05/12 2 WHITE PAPERIntroductionSAN security breaches are expensive, costing corporations over a million dollars in

HSG-WP08015 FC0032001-00 Rev. B 05/12 3 WHITE PAPERIn the case of planned attacks by unauthorized users (lower right quadrant of Figure 1), it is

HSG-WP08015 FC0032001-00 Rev. B 05/12 4 WHITE PAPEREncryption Upstream and Above the Adapter and File SystemEncryption at the application, databas

HSG-WP08015 FC0032001-00 Rev. B 05/12 5 WHITE PAPERconsidered a security risk. With physical security protection for the fabric, there is still th

HSG-WP08015 FC0032001-00 Rev. B 05/12 6 WHITE PAPERDisclaimerReasonable efforts have been made to ensure the validity and accuracy of these perfor

Brak uwag

Qlogic 2500 Series Data-at-Rest Encryption Addresses SAN Instrukcja Użytkownika